“Researchers conclude that Zoom uses non-industry-standard cryptographic techniques with identifiable weaknesses and is not suitable for sensitive communications.”

A team of researchers at The Citizen Lab says the suddenly popular videoconferencing app Zoom uses a non-standard method of encryption, and transmits user information through China. If true, huge: the concern is that China could have access to all the encryption keys needed to access the contents of all those calls.

The researchers advise against use of Zoom by government officials (Boris Johnson is using the app for Cabinet meetings), but say the app is fine for keeping in touch or other forms of low-security group communication, for most users.

Me? I ain’t installing that app for nothing and nobody.

The Citizen Lab’s report warns Zoom “may not be suitable” for:

• Governments and businesses worried about espionage

• Healthcare providers handling sensitive patient information

• Activists, lawyers and journalists working on sensitive topics

But “our findings should not necessarily be concerning”, the report said.

They also note that “Zoom… appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software…this arrangement may make Zoom responsive to pressure from Chinese authorities.”

Over the past few weeks, Zoom’s use has exploded since it became the video conferencing platform of choice in today’s COVID-19 world. (My own university, Harvard, uses it for all of its classes.) Over that same period, the company has been exposed for having both lousy privacy and lousy security. My goal here is to summarize all of the problems and talk about solutions and workarounds.

Privacy first: Zoom spies on its users for personal profit. It seems to have cleaned this up somewhat since everyone started paying attention, but it still does it.

The company collects a laundry list of data about you, including user name, physical address, email address, phone number, job information, Facebook profile information, computer or phone specs, IP address, and any other information you create or upload. And it uses all of this surveillance data for profit, against your interests.

Zoom is getting torn apart. That’s not a bad thing. Very very few enterprise tools get the attention of world-class researchers. Even premier applications by huge companies go unexamined b/c difficulty of obtaining and installing them. Plenty of Tier0 stuff written in C in 2007.

Looks like solid research by @citizenlab. If I’m reading it correctly, actors in China could have access to all the encryption keys needed to see calls. Keep this in mind when you choose to discuss sensitive info using #zoom. Obviously no mil/gov should talk classified on it. https://t.co/9PH5Qd9e9k

Among other concerns including encryption & data being routed through China, “Zoom…appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software…this arrangement may make Zoom responsive to pressure from Chinese authorities” https://t.co/Q6TNgykDwh

Interesting research from Citizen Lab on Zoom – it raises concerns about Chinese end of the company – ‘during multiple test calls in North America, we observed keys for encrypting and decrypting meetings transmitted to servers in Beijing, China’ https://t.co/M2dAN9wnEn
